Vulnerability-Lookup

CVE-2024-47252 (GCVE-0-2024-47252)

Vulnerability from cvelistv5 – Published: 2025-07-10 16:55 – Updated: 2025-11-04 21:08

Title

Apache HTTP Server: mod_ssl error log variable escaping

Summary

Insufficient escaping of user-supplied data in mod_ssl in Apache HTTP Server 2.4.63 and earlier allows an untrusted SSL/TLS client to insert escape characters into log files in some configurations. In a logging configuration where CustomLog is used with "%{varname}x" or "%{varname}c" to log variables provided by mod_ssl such as SSL_TLS_SNI, no escaping is performed by either mod_log_config or mod_ssl and unsanitized data provided by the client may appear in log files.

Severity

7.5 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

SSVC

Exploitation: none Automatable: yes Technical Impact: partial

CISA Coordinator (v2.0.3)

CWE

CWE-150 - Improper Neutralization of Escape, Meta, or Control Sequences

Assigner

apache

References

4 references

URL	Tags
https://httpd.apache.org/security/vulnerabilities…	vendor-advisory
https://lists.debian.org/debian-lts-announce/2025…
http://www.openwall.com/lists/oss-security/2025/07/10/2
http://www.openwall.com/lists/oss-security/2025/07/10/6

Impacted products

1 product

Vendor	Product	Version
Apache Software Foundation	Apache HTTP Server	Affected: 2.4 , ≤ 2.4.63 (semver)

Credits

John Runyon

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "LOW",
              "attackVector": "NETWORK",
              "availabilityImpact": "NONE",
              "baseScore": 7.5,
              "baseSeverity": "HIGH",
              "confidentialityImpact": "HIGH",
              "integrityImpact": "NONE",
              "privilegesRequired": "NONE",
              "scope": "UNCHANGED",
              "userInteraction": "NONE",
              "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2024-47252",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-07-11T16:06:33.872531Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-07-15T19:56:38.784Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2025-11-04T21:08:59.176Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "url": "https://lists.debian.org/debian-lts-announce/2025/08/msg00009.html"
          },
          {
            "url": "http://www.openwall.com/lists/oss-security/2025/07/10/2"
          },
          {
            "url": "http://www.openwall.com/lists/oss-security/2025/07/10/6"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Apache HTTP Server",
          "vendor": "Apache Software Foundation",
          "versions": [
            {
              "lessThanOrEqual": "2.4.63",
              "status": "affected",
              "version": "2.4",
              "versionType": "semver"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "value": "John Runyon"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "Insufficient escaping of user-supplied data in mod_ssl in Apache HTTP Server 2.4.63 and earlier allows an untrusted SSL/TLS client to insert escape characters into log files in some configurations.\u003cbr\u003e\u003cbr\u003eIn a logging configuration where CustomLog is used with \"%{varname}x\" or \"%{varname}c\" to log variables provided by mod_ssl such as SSL_TLS_SNI, no escaping is performed by either mod_log_config or mod_ssl and unsanitized data provided by the client may appear in log files.\u003cbr\u003e\u003cbr\u003e"
            }
          ],
          "value": "Insufficient escaping of user-supplied data in mod_ssl in Apache HTTP Server 2.4.63 and earlier allows an untrusted SSL/TLS client to insert escape characters into log files in some configurations.\n\nIn a logging configuration where CustomLog is used with \"%{varname}x\" or \"%{varname}c\" to log variables provided by mod_ssl such as SSL_TLS_SNI, no escaping is performed by either mod_log_config or mod_ssl and unsanitized data provided by the client may appear in log files."
        }
      ],
      "metrics": [
        {
          "other": {
            "content": {
              "text": "low"
            },
            "type": "Textual description of severity"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-150",
              "description": "CWE-150 Improper Neutralization of Escape, Meta, or Control Sequences",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-07-10T16:55:20.013Z",
        "orgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
        "shortName": "apache"
      },
      "references": [
        {
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://httpd.apache.org/security/vulnerabilities_24.html"
        }
      ],
      "source": {
        "discovery": "EXTERNAL"
      },
      "timeline": [
        {
          "lang": "en",
          "time": "2024-09-18T15:26:00.000Z",
          "value": "reported"
        }
      ],
      "title": "Apache HTTP Server: mod_ssl error log variable escaping",
      "x_generator": {
        "engine": "Vulnogram 0.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
    "assignerShortName": "apache",
    "cveId": "CVE-2024-47252",
    "datePublished": "2025-07-10T16:55:20.013Z",
    "dateReserved": "2024-09-23T15:25:33.808Z",
    "dateUpdated": "2025-11-04T21:08:59.176Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2",
  "vulnerability-lookup:meta": {
    "epss": {
      "cve": "CVE-2024-47252",
      "date": "2026-06-04",
      "epss": "0.005",
      "percentile": "0.66319"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2024-47252\",\"sourceIdentifier\":\"security@apache.org\",\"published\":\"2025-07-10T17:15:46.400\",\"lastModified\":\"2025-11-04T22:16:04.060\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Insufficient escaping of user-supplied data in mod_ssl in Apache HTTP Server 2.4.63 and earlier allows an untrusted SSL/TLS client to insert escape characters into log files in some configurations.\\n\\nIn a logging configuration where CustomLog is used with \\\"%{varname}x\\\" or \\\"%{varname}c\\\" to log variables provided by mod_ssl such as SSL_TLS_SNI, no escaping is performed by either mod_log_config or mod_ssl and unsanitized data provided by the client may appear in log files.\"},{\"lang\":\"es\",\"value\":\"Un escape insuficiente de los datos proporcionados por el usuario en mod_ssl en Apache HTTP Server 2.4.63 y versiones anteriores permite que un cliente SSL/TLS no confiable inserte caracteres de escape en los archivos de registro en algunas configuraciones. En una configuraci\u00f3n de registro donde se usa CustomLog con \\\"%{varname}x\\\" o \\\"%{varname}c\\\" para registrar variables proporcionadas por mod_ssl, como SSL_TLS_SNI, ni mod_log_config ni mod_ssl realizan ning\u00fan escape, y los datos no saneados proporcionados por el cliente pueden aparecer en los archivos de registro.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"134c704f-9b21-4f2e-91b3-4a467353bcc0\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N\",\"baseScore\":7.5,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":3.9,\"impactScore\":3.6}]},\"weaknesses\":[{\"source\":\"security@apache.org\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-150\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:http_server:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"2.4.0\",\"versionEndExcluding\":\"2.4.64\",\"matchCriteriaId\":\"C552FA45-1E0F-4F3A-BB99-8E4604C82820\"}]}]}],\"references\":[{\"url\":\"https://httpd.apache.org/security/vulnerabilities_24.html\",\"source\":\"security@apache.org\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://www.openwall.com/lists/oss-security/2025/07/10/2\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.openwall.com/lists/oss-security/2025/07/10/6\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.debian.org/debian-lts-announce/2025/08/msg00009.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"}]}}",
    "vulnrichment": {
      "containers": "{\"adp\": [{\"title\": \"CVE Program Container\", \"references\": [{\"url\": \"https://lists.debian.org/debian-lts-announce/2025/08/msg00009.html\"}, {\"url\": \"http://www.openwall.com/lists/oss-security/2025/07/10/2\"}, {\"url\": \"http://www.openwall.com/lists/oss-security/2025/07/10/6\"}], \"providerMetadata\": {\"orgId\": \"af854a3a-2127-422b-91ae-364da2661108\", \"shortName\": \"CVE\", \"dateUpdated\": \"2025-11-04T21:08:59.176Z\"}}, {\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"cvssV3_1\": {\"scope\": \"UNCHANGED\", \"version\": \"3.1\", \"baseScore\": 7.5, \"attackVector\": \"NETWORK\", \"baseSeverity\": \"HIGH\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N\", \"integrityImpact\": \"NONE\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"LOW\", \"availabilityImpact\": \"NONE\", \"privilegesRequired\": \"NONE\", \"confidentialityImpact\": \"HIGH\"}}, {\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2024-47252\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"yes\"}, {\"Technical Impact\": \"partial\"}], \"version\": \"2.0.3\", \"timestamp\": \"2025-07-11T16:06:33.872531Z\"}}}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2025-07-11T16:06:36.176Z\"}}], \"cna\": {\"title\": \"Apache HTTP Server: mod_ssl error log variable escaping\", \"source\": {\"discovery\": \"EXTERNAL\"}, \"credits\": [{\"lang\": \"en\", \"type\": \"finder\", \"value\": \"John Runyon\"}], \"metrics\": [{\"other\": {\"type\": \"Textual description of severity\", \"content\": {\"text\": \"low\"}}}], \"affected\": [{\"vendor\": \"Apache Software Foundation\", \"product\": \"Apache HTTP Server\", \"versions\": [{\"status\": \"affected\", \"version\": \"2.4\", \"versionType\": \"semver\", \"lessThanOrEqual\": \"2.4.63\"}], \"defaultStatus\": \"unaffected\"}], \"timeline\": [{\"lang\": \"en\", \"time\": \"2024-09-18T15:26:00.000Z\", \"value\": \"reported\"}], \"references\": [{\"url\": \"https://httpd.apache.org/security/vulnerabilities_24.html\", \"tags\": [\"vendor-advisory\"]}], \"x_generator\": {\"engine\": \"Vulnogram 0.2.0\"}, \"descriptions\": [{\"lang\": \"en\", \"value\": \"Insufficient escaping of user-supplied data in mod_ssl in Apache HTTP Server 2.4.63 and earlier allows an untrusted SSL/TLS client to insert escape characters into log files in some configurations.\\n\\nIn a logging configuration where CustomLog is used with \\\"%{varname}x\\\" or \\\"%{varname}c\\\" to log variables provided by mod_ssl such as SSL_TLS_SNI, no escaping is performed by either mod_log_config or mod_ssl and unsanitized data provided by the client may appear in log files.\", \"supportingMedia\": [{\"type\": \"text/html\", \"value\": \"Insufficient escaping of user-supplied data in mod_ssl in Apache HTTP Server 2.4.63 and earlier allows an untrusted SSL/TLS client to insert escape characters into log files in some configurations.\u003cbr\u003e\u003cbr\u003eIn a logging configuration where CustomLog is used with \\\"%{varname}x\\\" or \\\"%{varname}c\\\" to log variables provided by mod_ssl such as SSL_TLS_SNI, no escaping is performed by either mod_log_config or mod_ssl and unsanitized data provided by the client may appear in log files.\u003cbr\u003e\u003cbr\u003e\", \"base64\": false}]}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-150\", \"description\": \"CWE-150 Improper Neutralization of Escape, Meta, or Control Sequences\"}]}], \"providerMetadata\": {\"orgId\": \"f0158376-9dc2-43b6-827c-5f631a4d8d09\", \"shortName\": \"apache\", \"dateUpdated\": \"2025-07-10T16:55:20.013Z\"}}}",
      "cveMetadata": "{\"cveId\": \"CVE-2024-47252\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2025-11-04T21:08:59.176Z\", \"dateReserved\": \"2024-09-23T15:25:33.808Z\", \"assignerOrgId\": \"f0158376-9dc2-43b6-827c-5f631a4d8d09\", \"datePublished\": \"2025-07-10T16:55:20.013Z\", \"assignerShortName\": \"apache\"}",
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }
  }
}

alsa-2025:15023

Vulnerability from osv_almalinux

Published

2025-09-02 00:00

Modified

2025-09-29 09:03

Summary

Moderate: httpd security update

Details

The httpd packages provide the Apache HTTP Server, a powerful, efficient, and extensible web server.

Security Fix(es):

httpd: insufficient escaping of user-supplied data in mod_ssl (CVE-2024-47252)
httpd: mod_ssl: access control bypass by trusted clients is possible using TLS 1.3 session resumption (CVE-2025-23048)
httpd: HTTP Session Hijack via a TLS upgrade (CVE-2025-49812)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

References

URL

Type

	https://access.redhat.com/errata/RHSA-2025:15023	ADVISORY
	https://access.redhat.com/security/cve/CVE-2024-47252	REPORT
	https://access.redhat.com/security/cve/CVE-2025-23048	REPORT
	https://access.redhat.com/security/cve/CVE-2025-49812	REPORT
	https://bugzilla.redhat.com/2374571	REPORT
	https://bugzilla.redhat.com/2374576	REPORT
	https://bugzilla.redhat.com/2374580	REPORT
	https://errata.almalinux.org/9/ALSA-2025-15023.html	ADVISORY

JSON

To clipboard

{
  "affected": [
    {
      "package": {
        "ecosystem": "AlmaLinux:9",
        "name": "httpd"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "2.4.62-4.el9_6.4"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "AlmaLinux:9",
        "name": "httpd-core"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "2.4.62-4.el9_6.4"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "AlmaLinux:9",
        "name": "httpd-devel"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "2.4.62-4.el9_6.4"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "AlmaLinux:9",
        "name": "httpd-filesystem"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "2.4.62-4.el9_6.4"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "AlmaLinux:9",
        "name": "httpd-manual"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "2.4.62-4.el9_6.4"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "AlmaLinux:9",
        "name": "httpd-tools"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "2.4.62-4.el9_6.4"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "AlmaLinux:9",
        "name": "mod_ldap"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "2.4.62-4.el9_6.4"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "AlmaLinux:9",
        "name": "mod_lua"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "2.4.62-4.el9_6.4"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "AlmaLinux:9",
        "name": "mod_proxy_html"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "1:2.4.62-4.el9_6.4"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "AlmaLinux:9",
        "name": "mod_session"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "2.4.62-4.el9_6.4"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "AlmaLinux:9",
        "name": "mod_ssl"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "1:2.4.62-4.el9_6.4"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "details": "The httpd packages provide the Apache HTTP Server, a powerful, efficient, and extensible web server.  \n\nSecurity Fix(es):  \n\n  * httpd: insufficient escaping of user-supplied data in mod_ssl (CVE-2024-47252)\n  * httpd: mod_ssl: access control bypass by trusted clients is possible using TLS 1.3 session resumption (CVE-2025-23048)\n  * httpd: HTTP Session Hijack via a TLS upgrade (CVE-2025-49812)\n\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.\n",
  "id": "ALSA-2025:15023",
  "modified": "2025-09-29T09:03:21Z",
  "published": "2025-09-02T00:00:00Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://access.redhat.com/errata/RHSA-2025:15023"
    },
    {
      "type": "REPORT",
      "url": "https://access.redhat.com/security/cve/CVE-2024-47252"
    },
    {
      "type": "REPORT",
      "url": "https://access.redhat.com/security/cve/CVE-2025-23048"
    },
    {
      "type": "REPORT",
      "url": "https://access.redhat.com/security/cve/CVE-2025-49812"
    },
    {
      "type": "REPORT",
      "url": "https://bugzilla.redhat.com/2374571"
    },
    {
      "type": "REPORT",
      "url": "https://bugzilla.redhat.com/2374576"
    },
    {
      "type": "REPORT",
      "url": "https://bugzilla.redhat.com/2374580"
    },
    {
      "type": "ADVISORY",
      "url": "https://errata.almalinux.org/9/ALSA-2025-15023.html"
    }
  ],
  "related": [
    "CVE-2024-47252",
    "CVE-2025-23048",
    "CVE-2025-49812"
  ],
  "summary": "Moderate: httpd security update"
}

alsa-2025:15095

Vulnerability from osv_almalinux

Published

2025-09-02 00:00

Modified

2025-09-03 08:58

Summary

Moderate: httpd security update

Details

The httpd packages provide the Apache HTTP Server, a powerful, efficient, and extensible web server.

Security Fix(es):

httpd: insufficient escaping of user-supplied data in mod_ssl (CVE-2024-47252)
httpd: mod_ssl: access control bypass by trusted clients is possible using TLS 1.3 session resumption (CVE-2025-23048)
httpd: HTTP Session Hijack via a TLS upgrade (CVE-2025-49812)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

References

URL

Type

	https://access.redhat.com/errata/RHSA-2025:15095	ADVISORY
	https://access.redhat.com/security/cve/CVE-2024-47252	REPORT
	https://access.redhat.com/security/cve/CVE-2025-23048	REPORT
	https://access.redhat.com/security/cve/CVE-2025-49812	REPORT
	https://bugzilla.redhat.com/2374571	REPORT
	https://bugzilla.redhat.com/2374576	REPORT
	https://bugzilla.redhat.com/2374580	REPORT
	https://errata.almalinux.org/10/ALSA-2025-15095.html	ADVISORY

JSON

To clipboard

{
  "affected": [
    {
      "package": {
        "ecosystem": "AlmaLinux:10",
        "name": "httpd-filesystem"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "2.4.63-1.el10_0.2"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "AlmaLinux:10",
        "name": "httpd-manual"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "2.4.63-1.el10_0.2"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "details": "The httpd packages provide the Apache HTTP Server, a powerful, efficient, and extensible web server.  \n\nSecurity Fix(es):  \n\n  * httpd: insufficient escaping of user-supplied data in mod_ssl (CVE-2024-47252)\n  * httpd: mod_ssl: access control bypass by trusted clients is possible using TLS 1.3 session resumption (CVE-2025-23048)\n  * httpd: HTTP Session Hijack via a TLS upgrade (CVE-2025-49812)\n\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.\n",
  "id": "ALSA-2025:15095",
  "modified": "2025-09-03T08:58:50Z",
  "published": "2025-09-02T00:00:00Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://access.redhat.com/errata/RHSA-2025:15095"
    },
    {
      "type": "REPORT",
      "url": "https://access.redhat.com/security/cve/CVE-2024-47252"
    },
    {
      "type": "REPORT",
      "url": "https://access.redhat.com/security/cve/CVE-2025-23048"
    },
    {
      "type": "REPORT",
      "url": "https://access.redhat.com/security/cve/CVE-2025-49812"
    },
    {
      "type": "REPORT",
      "url": "https://bugzilla.redhat.com/2374571"
    },
    {
      "type": "REPORT",
      "url": "https://bugzilla.redhat.com/2374576"
    },
    {
      "type": "REPORT",
      "url": "https://bugzilla.redhat.com/2374580"
    },
    {
      "type": "ADVISORY",
      "url": "https://errata.almalinux.org/10/ALSA-2025-15095.html"
    }
  ],
  "related": [
    "CVE-2024-47252",
    "CVE-2025-23048",
    "CVE-2025-49812"
  ],
  "summary": "Moderate: httpd security update"
}

alsa-2025:15123

Vulnerability from osv_almalinux

Published

2025-09-03 00:00

Modified

2025-09-04 10:27

Summary

Moderate: httpd:2.4 security update

Details

The httpd packages provide the Apache HTTP Server, a powerful, efficient, and extensible web server.

Security Fix(es):

httpd: insufficient escaping of user-supplied data in mod_ssl (CVE-2024-47252)
httpd: mod_ssl: access control bypass by trusted clients is possible using TLS 1.3 session resumption (CVE-2025-23048)
httpd: mod_proxy_http2: untrusted input from a client causes an assertion to fail in the Apache mod_proxy_http2 module (CVE-2025-49630)
httpd: HTTP Session Hijack via a TLS upgrade (CVE-2025-49812)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

References

URL

Type

	https://access.redhat.com/errata/RHSA-2025:15123	ADVISORY
	https://access.redhat.com/security/cve/CVE-2024-47252	REPORT
	https://access.redhat.com/security/cve/CVE-2025-23048	REPORT
	https://access.redhat.com/security/cve/CVE-2025-49630	REPORT
	https://access.redhat.com/security/cve/CVE-2025-49812	REPORT
	https://bugzilla.redhat.com/2374571	REPORT
	https://bugzilla.redhat.com/2374576	REPORT
	https://bugzilla.redhat.com/2374578	REPORT
	https://bugzilla.redhat.com/2374580	REPORT
	https://errata.almalinux.org/8/ALSA-2025-15123.html	ADVISORY

JSON

To clipboard

{
  "affected": [
    {
      "package": {
        "ecosystem": "AlmaLinux:8",
        "name": "httpd"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "2.4.37-65.module_el8.10.0+4044+ea5f78b1.5"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "AlmaLinux:8",
        "name": "httpd-devel"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "2.4.37-65.module_el8.10.0+4044+ea5f78b1.5"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "AlmaLinux:8",
        "name": "httpd-filesystem"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "2.4.37-65.module_el8.10.0+4044+ea5f78b1.5"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "AlmaLinux:8",
        "name": "httpd-manual"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "2.4.37-65.module_el8.10.0+4044+ea5f78b1.5"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "AlmaLinux:8",
        "name": "httpd-tools"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "2.4.37-65.module_el8.10.0+4044+ea5f78b1.5"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "AlmaLinux:8",
        "name": "mod_http2"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "1.15.7-10.module_el8.10.0+4044+ea5f78b1.4"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "AlmaLinux:8",
        "name": "mod_ldap"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "2.4.37-65.module_el8.10.0+4044+ea5f78b1.5"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "AlmaLinux:8",
        "name": "mod_md"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "1:2.0.8-8.module_el8.6.0+2872+fe0ff7aa"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "AlmaLinux:8",
        "name": "mod_md"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "1:2.0.8-8.module_el8.6.0+3031+fb177b09"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "AlmaLinux:8",
        "name": "mod_proxy_html"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "1:2.4.37-65.module_el8.10.0+4044+ea5f78b1.5"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "AlmaLinux:8",
        "name": "mod_session"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "2.4.37-65.module_el8.10.0+4044+ea5f78b1.5"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "AlmaLinux:8",
        "name": "mod_ssl"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "1:2.4.37-65.module_el8.10.0+4044+ea5f78b1.5"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "details": "The httpd packages provide the Apache HTTP Server, a powerful, efficient, and extensible web server.  \n\nSecurity Fix(es):  \n\n  * httpd: insufficient escaping of user-supplied data in mod_ssl (CVE-2024-47252)\n  * httpd: mod_ssl: access control bypass by trusted clients is possible using TLS 1.3 session resumption (CVE-2025-23048)\n  * httpd: mod_proxy_http2: untrusted input from a client causes an assertion to fail in the Apache mod_proxy_http2 module (CVE-2025-49630)\n  * httpd: HTTP Session Hijack via a TLS upgrade (CVE-2025-49812)\n\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.\n",
  "id": "ALSA-2025:15123",
  "modified": "2025-09-04T10:27:23Z",
  "published": "2025-09-03T00:00:00Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://access.redhat.com/errata/RHSA-2025:15123"
    },
    {
      "type": "REPORT",
      "url": "https://access.redhat.com/security/cve/CVE-2024-47252"
    },
    {
      "type": "REPORT",
      "url": "https://access.redhat.com/security/cve/CVE-2025-23048"
    },
    {
      "type": "REPORT",
      "url": "https://access.redhat.com/security/cve/CVE-2025-49630"
    },
    {
      "type": "REPORT",
      "url": "https://access.redhat.com/security/cve/CVE-2025-49812"
    },
    {
      "type": "REPORT",
      "url": "https://bugzilla.redhat.com/2374571"
    },
    {
      "type": "REPORT",
      "url": "https://bugzilla.redhat.com/2374576"
    },
    {
      "type": "REPORT",
      "url": "https://bugzilla.redhat.com/2374578"
    },
    {
      "type": "REPORT",
      "url": "https://bugzilla.redhat.com/2374580"
    },
    {
      "type": "ADVISORY",
      "url": "https://errata.almalinux.org/8/ALSA-2025-15123.html"
    }
  ],
  "related": [
    "CVE-2024-47252",
    "CVE-2025-23048",
    "CVE-2025-49630",
    "CVE-2025-49812"
  ],
  "summary": "Moderate: httpd:2.4 security update"
}

BDU:2025-08958

Vulnerability from fstec - Published: 18.09.2024

Title

Уязвимость функции mod_ssl веб-сервера Apache HTTP Server, позволяющая нарушителю оказать воздействие на целостность защищаемой информации

Description

Уязвимость функции mod_ssl веб-сервера Apache HTTP Server связана с неприятием мер по нейтрализации специальных управляющих элементов. Эксплуатация уязвимости может позволить нарушителю, действующему удалённо, оказать воздействие на целостность защищаемой информации

Severity


                    
                      AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

Vendor

Red Hat Inc., Novell Inc., Сообщество свободного программного обеспечения, ООО «Ред Софт», ООО «РусБИТех-Астра», АО «ИВК», Apache Software Foundation, АО "НППКТ", ООО «НЦПР»

Software Name

Red Hat Enterprise Linux, Suse Linux Enterprise Desktop, Suse Linux Enterprise Server, Debian GNU/Linux, РЕД ОС (запись в едином реестре российских программ №3751), Astra Linux Special Edition (запись в едином реестре российских программ №369), Альт 8 СП (запись в едином реестре российских программ №4305), Astra Linux Common Edition (запись в едином реестре российских программ №4433), Red Hat JBoss Core Services, SUSE Liberty Linux, SUSE Linux Enterprise Server for SAP Applications, OpenSUSE Leap, HTTP Server, ОСОН ОСнова Оnyx (запись в едином реестре российских программ №5913), МСВСфера

Software Version

7 (Red Hat Enterprise Linux), 12 SP3 (Suse Linux Enterprise Desktop), 12 SP4 (Suse Linux Enterprise Desktop), 12 SP3 (Suse Linux Enterprise Server), 12 SP4 (Suse Linux Enterprise Server), 12 SP2 LTSS (Suse Linux Enterprise Server), 8 (Red Hat Enterprise Linux), 12 SP2-BCL (Suse Linux Enterprise Server), 12 SP2-ESPOS (Suse Linux Enterprise Server), 12 SP3-LTSS (Suse Linux Enterprise Server), 12 SP3-BCL (Suse Linux Enterprise Server), 12 SP3-ESPOS (Suse Linux Enterprise Server), 12 SP2 (Suse Linux Enterprise Desktop), 12 SP2 (Suse Linux Enterprise Server), 15-LTSS (Suse Linux Enterprise Server), 12 SP4 LTSS (Suse Linux Enterprise Server), 12 SP4-ESPOS (Suse Linux Enterprise Server), 15 SP1-LTSS (Suse Linux Enterprise Server), 15 SP1 (Suse Linux Enterprise Server), 11 (Debian GNU/Linux), 12 (Debian GNU/Linux), 15 SP2 LTSS (Suse Linux Enterprise Server), 7.3 (РЕД ОС), 1.7 (Astra Linux Special Edition), 4.7 (Astra Linux Special Edition), 15 SP3 (Suse Linux Enterprise Server), 15 SP3 (Suse Linux Enterprise Desktop), 15 SP2 (Suse Linux Enterprise Server), - (Альт 8 СП), 15 SP4 (Suse Linux Enterprise Server), 15 SP2 (Suse Linux Enterprise Desktop), 15 SP4 (Suse Linux Enterprise Desktop), 15 SP2-BCL (Suse Linux Enterprise Server), 9 (Red Hat Enterprise Linux), 15 SP3-LTSS (Suse Linux Enterprise Server), 15 SP3-BCL (Suse Linux Enterprise Server), 15 SP5 (Suse Linux Enterprise Server), 15 SP5 (Suse Linux Enterprise Desktop), 1.6 «Смоленск» (Astra Linux Common Edition), - (Red Hat JBoss Core Services), 9 (SUSE Liberty Linux), 15 SP4-LTSS (Suse Linux Enterprise Server), 15 SP6 (Suse Linux Enterprise Desktop), 15 SP6 (Suse Linux Enterprise Server), 15 SP6 (SUSE Linux Enterprise Server for SAP Applications), 15.6 (OpenSUSE Leap), 1.8 (Astra Linux Special Edition), 12 SP5-LTSS (Suse Linux Enterprise Server), 12 SP5 LTSS Extended Security (Suse Linux Enterprise Server), 15 SP5-LTSS (Suse Linux Enterprise Server), 15 SP7 (Suse Linux Enterprise Desktop), 15 SP7 (Suse Linux Enterprise Server), 10 (Red Hat Enterprise Linux), от 2.4.0 до 2.4.64 (HTTP Server), до 2.14 (ОСОН ОСнова Оnyx), 9.5 (МСВСфера), 3.8 (Astra Linux Special Edition)

Possible Mitigations

В условиях отсутствия обновлений безопасности от производителя рекомендуется придерживаться "Рекомендаций по безопасной настройке операционных систем LINUX", изложенных в методическом документе ФСТЭК России, утверждённом 25 декабря 2022 года. Использование рекомендаций: Для Apache HTTP Server: https://httpd.apache.org/security/vulnerabilities_24.html Для программных продуктов Red Hat Inc.: https://access.redhat.com/security/cve/cve-2024-47252 Для Debian GNU/Linux: https://security-tracker.debian.org/tracker/CVE-2024-47252 Для программных продуктов Novell Inc.: https://www.suse.com/security/cve/CVE-2024-47252.html Для ОС Альт 8 СП: установка обновления из публичного репозитория программного средства: https://altsp.su/obnovleniya-bezopasnosti/ Для ОС Astra Linux: обновить пакет apache2 до 2.4.62-3astra.se2~7 или более высокой версии, используя рекомендации производителя: https://wiki.astralinux.ru/astra-linux-se17-bulletin-2025-0923SE17 Для РЕД ОС: https://redos.red-soft.ru/support/secure/uyazvimosti/mnozhestvennye-uyazvimosti-httpd-29092025/?sphrase_id=1313666 Обновление программного обеспечения apache2 до версии 2.4.65-1~deb11u1.osnova2u1 Для ОС Astra Linux: обновить пакет apache2 до 2.4.62-3astra.se2~7 или более высокой версии, используя рекомендации производителя: https://wiki.astralinux.ru/astra-linux-se47-bulletin-2025-1020SE47 Для МСВСфера: https://errata.msvsphere-os.ru/definition/9/INFCSA-2025:15023?lang=ru Для ОС Astra Linux: обновить пакет apache2 до 2.4.65-3astra.se1 или более высокой версии, используя рекомендации производителя: https://wiki.astralinux.ru/astra-linux-se18-bulletin-2025-1113SE18 Для ОС Astra Linux: обновить пакет apache2 до 2.4.46-1~bpo9+1astra.se14 или более высокой версии, используя рекомендации производителя: https://wiki.astralinux.ru/astra-linux-se16-bulletin-20251225SE16 Для ОС Astra Linux: обновить пакет apache2 до 2.4.65-3astra.se1 или более высокой версии, используя рекомендации производителя: https://wiki.astralinux.ru/astra-linux-se38-bulletin-2026-0126SE38 Для ОС Astra Linux: обновить пакет apache2 до 2.4.65-3astra.se1 или более высокой версии, используя рекомендации производителя: https://wiki.astralinux.ru/astra-linux-se38-bulletin-2026-0126SE38

Reference

https://httpd.apache.org/security/vulnerabilities_24.html https://access.redhat.com/security/cve/cve-2024-47252 https://security-tracker.debian.org/tracker/CVE-2024-47252 https://www.suse.com/security/cve/CVE-2024-47252.html https://altsp.su/obnovleniya-bezopasnosti/ https://wiki.astralinux.ru/astra-linux-se17-bulletin-2025-0923SE17 https://redos.red-soft.ru/support/secure/uyazvimosti/mnozhestvennye-uyazvimosti-httpd-29092025/?sphrase_id=1313666 https://поддержка.нппкт.рф/bin/view/ОСнова/Обновления/2.14/ https://wiki.astralinux.ru/astra-linux-se47-bulletin-2025-1020SE47 https://errata.msvsphere-os.ru/definition/9/INFCSA-2025:15023?lang=ru https://wiki.astralinux.ru/astra-linux-se18-bulletin-2025-1113SE18 https://wiki.astralinux.ru/astra-linux-se16-bulletin-20251225SE16 https://wiki.astralinux.ru/astra-linux-se38-bulletin-2026-0126SE38 https://wiki.astralinux.ru/astra-linux-se38-bulletin-2026-0126SE38

CWE

CWE-150

JSON

To clipboard

{
  "CVSS 2.0": "AV:N/AC:L/Au:N/C:N/I:C/A:N",
  "CVSS 3.0": "AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
  "CVSS 4.0": null,
  "remediation_\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440": null,
  "remediation_\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435": null,
  "\u0412\u0435\u043d\u0434\u043e\u0440 \u041f\u041e": "Red Hat Inc., Novell Inc., \u0421\u043e\u043e\u0431\u0449\u0435\u0441\u0442\u0432\u043e \u0441\u0432\u043e\u0431\u043e\u0434\u043d\u043e\u0433\u043e \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f, \u041e\u041e\u041e \u00ab\u0420\u0435\u0434 \u0421\u043e\u0444\u0442\u00bb, \u041e\u041e\u041e \u00ab\u0420\u0443\u0441\u0411\u0418\u0422\u0435\u0445-\u0410\u0441\u0442\u0440\u0430\u00bb, \u0410\u041e \u00ab\u0418\u0412\u041a\u00bb, Apache Software Foundation, \u0410\u041e \"\u041d\u041f\u041f\u041a\u0422\", \u041e\u041e\u041e \u00ab\u041d\u0426\u041f\u0420\u00bb",
  "\u0412\u0435\u0440\u0441\u0438\u044f \u041f\u041e": "7 (Red Hat Enterprise Linux), 12 SP3 (Suse Linux Enterprise Desktop), 12 SP4 (Suse Linux Enterprise Desktop), 12 SP3 (Suse Linux Enterprise Server), 12 SP4 (Suse Linux Enterprise Server), 12 SP2 LTSS (Suse Linux Enterprise Server), 8 (Red Hat Enterprise Linux), 12 SP2-BCL (Suse Linux Enterprise Server), 12 SP2-ESPOS (Suse Linux Enterprise Server), 12 SP3-LTSS (Suse Linux Enterprise Server), 12 SP3-BCL (Suse Linux Enterprise Server), 12 SP3-ESPOS (Suse Linux Enterprise Server), 12 SP2 (Suse Linux Enterprise Desktop), 12 SP2 (Suse Linux Enterprise Server), 15-LTSS (Suse Linux Enterprise Server), 12 SP4 LTSS (Suse Linux Enterprise Server), 12 SP4-ESPOS (Suse Linux Enterprise Server), 15 SP1-LTSS (Suse Linux Enterprise Server), 15 SP1 (Suse Linux Enterprise Server), 11 (Debian GNU/Linux), 12 (Debian GNU/Linux), 15 SP2 LTSS (Suse Linux Enterprise Server), 7.3 (\u0420\u0415\u0414 \u041e\u0421), 1.7 (Astra Linux Special Edition), 4.7 (Astra Linux Special Edition), 15 SP3 (Suse Linux Enterprise Server), 15 SP3 (Suse Linux Enterprise Desktop), 15 SP2 (Suse Linux Enterprise Server), - (\u0410\u043b\u044c\u0442 8 \u0421\u041f), 15 SP4 (Suse Linux Enterprise Server), 15 SP2 (Suse Linux Enterprise Desktop), 15 SP4 (Suse Linux Enterprise Desktop), 15 SP2-BCL (Suse Linux Enterprise Server), 9 (Red Hat Enterprise Linux), 15 SP3-LTSS (Suse Linux Enterprise Server), 15 SP3-BCL (Suse Linux Enterprise Server), 15 SP5 (Suse Linux Enterprise Server), 15 SP5 (Suse Linux Enterprise Desktop), 1.6 \u00ab\u0421\u043c\u043e\u043b\u0435\u043d\u0441\u043a\u00bb (Astra Linux Common Edition), - (Red Hat JBoss Core Services), 9 (SUSE Liberty Linux), 15 SP4-LTSS (Suse Linux Enterprise Server), 15 SP6 (Suse Linux Enterprise Desktop), 15 SP6 (Suse Linux Enterprise Server), 15 SP6 (SUSE Linux Enterprise Server for SAP Applications), 15.6 (OpenSUSE Leap), 1.8 (Astra Linux Special Edition), 12 SP5-LTSS (Suse Linux Enterprise Server), 12 SP5 LTSS Extended Security (Suse Linux Enterprise Server), 15 SP5-LTSS (Suse Linux Enterprise Server), 15 SP7 (Suse Linux Enterprise Desktop), 15 SP7 (Suse Linux Enterprise Server), 10 (Red Hat Enterprise Linux), \u043e\u0442 2.4.0 \u0434\u043e 2.4.64 (HTTP Server), \u0434\u043e 2.14 (\u041e\u0421\u041e\u041d \u041e\u0421\u043d\u043e\u0432\u0430 \u041enyx), 9.5 (\u041c\u0421\u0412\u0421\u0444\u0435\u0440\u0430), 3.8 (Astra Linux Special Edition)",
  "\u0412\u043e\u0437\u043c\u043e\u0436\u043d\u044b\u0435 \u043c\u0435\u0440\u044b \u043f\u043e \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044e": "\u0412 \u0443\u0441\u043b\u043e\u0432\u0438\u044f\u0445 \u043e\u0442\u0441\u0443\u0442\u0441\u0442\u0432\u0438\u044f \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0439 \u0431\u0435\u0437\u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 \u043e\u0442 \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u0434\u0438\u0442\u0435\u043b\u044f \u0440\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u0443\u0435\u0442\u0441\u044f \u043f\u0440\u0438\u0434\u0435\u0440\u0436\u0438\u0432\u0430\u0442\u044c\u0441\u044f \"\u0420\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u0430\u0446\u0438\u0439 \u043f\u043e \u0431\u0435\u0437\u043e\u043f\u0430\u0441\u043d\u043e\u0439 \u043d\u0430\u0441\u0442\u0440\u043e\u0439\u043a\u0435 \u043e\u043f\u0435\u0440\u0430\u0446\u0438\u043e\u043d\u043d\u044b\u0445 \u0441\u0438\u0441\u0442\u0435\u043c LINUX\", \u0438\u0437\u043b\u043e\u0436\u0435\u043d\u043d\u044b\u0445 \u0432 \u043c\u0435\u0442\u043e\u0434\u0438\u0447\u0435\u0441\u043a\u043e\u043c \u0434\u043e\u043a\u0443\u043c\u0435\u043d\u0442\u0435 \u0424\u0421\u0422\u042d\u041a \u0420\u043e\u0441\u0441\u0438\u0438, \u0443\u0442\u0432\u0435\u0440\u0436\u0434\u0451\u043d\u043d\u043e\u043c 25 \u0434\u0435\u043a\u0430\u0431\u0440\u044f 2022 \u0433\u043e\u0434\u0430.\n\n\u0418\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0438\u0435 \u0440\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u0430\u0446\u0438\u0439:\n\u0414\u043b\u044f Apache HTTP Server:\nhttps://httpd.apache.org/security/vulnerabilities_24.html\n\n\u0414\u043b\u044f \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u044b\u0445 \u043f\u0440\u043e\u0434\u0443\u043a\u0442\u043e\u0432 Red Hat Inc.:\nhttps://access.redhat.com/security/cve/cve-2024-47252\n\n\u0414\u043b\u044f Debian GNU/Linux:\nhttps://security-tracker.debian.org/tracker/CVE-2024-47252\n\n\u0414\u043b\u044f \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u044b\u0445 \u043f\u0440\u043e\u0434\u0443\u043a\u0442\u043e\u0432 Novell Inc.:\nhttps://www.suse.com/security/cve/CVE-2024-47252.html\n\n\u0414\u043b\u044f \u041e\u0421 \u0410\u043b\u044c\u0442 8 \u0421\u041f: \u0443\u0441\u0442\u0430\u043d\u043e\u0432\u043a\u0430 \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u044f \u0438\u0437 \u043f\u0443\u0431\u043b\u0438\u0447\u043d\u043e\u0433\u043e \u0440\u0435\u043f\u043e\u0437\u0438\u0442\u043e\u0440\u0438\u044f \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u0441\u0440\u0435\u0434\u0441\u0442\u0432\u0430: https://altsp.su/obnovleniya-bezopasnosti/\n\n\u0414\u043b\u044f \u041e\u0421 Astra Linux:\n\u043e\u0431\u043d\u043e\u0432\u0438\u0442\u044c \u043f\u0430\u043a\u0435\u0442 apache2 \u0434\u043e 2.4.62-3astra.se2~7 \u0438\u043b\u0438 \u0431\u043e\u043b\u0435\u0435 \u0432\u044b\u0441\u043e\u043a\u043e\u0439 \u0432\u0435\u0440\u0441\u0438\u0438, \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u0443\u044f \u0440\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u0430\u0446\u0438\u0438 \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u0434\u0438\u0442\u0435\u043b\u044f: https://wiki.astralinux.ru/astra-linux-se17-bulletin-2025-0923SE17\n\n\u0414\u043b\u044f \u0420\u0415\u0414 \u041e\u0421:\nhttps://redos.red-soft.ru/support/secure/uyazvimosti/mnozhestvennye-uyazvimosti-httpd-29092025/?sphrase_id=1313666\n\n\u041e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0435 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f apache2 \u0434\u043e \u0432\u0435\u0440\u0441\u0438\u0438 2.4.65-1~deb11u1.osnova2u1\n\n\u0414\u043b\u044f \u041e\u0421 Astra Linux:\n\u043e\u0431\u043d\u043e\u0432\u0438\u0442\u044c \u043f\u0430\u043a\u0435\u0442 apache2 \u0434\u043e 2.4.62-3astra.se2~7 \u0438\u043b\u0438 \u0431\u043e\u043b\u0435\u0435 \u0432\u044b\u0441\u043e\u043a\u043e\u0439 \u0432\u0435\u0440\u0441\u0438\u0438, \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u0443\u044f \u0440\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u0430\u0446\u0438\u0438 \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u0434\u0438\u0442\u0435\u043b\u044f: https://wiki.astralinux.ru/astra-linux-se47-bulletin-2025-1020SE47\n\n\u0414\u043b\u044f \u041c\u0421\u0412\u0421\u0444\u0435\u0440\u0430: https://errata.msvsphere-os.ru/definition/9/INFCSA-2025:15023?lang=ru\n\n\u0414\u043b\u044f \u041e\u0421 Astra Linux:\n\u043e\u0431\u043d\u043e\u0432\u0438\u0442\u044c \u043f\u0430\u043a\u0435\u0442 apache2 \u0434\u043e 2.4.65-3astra.se1 \u0438\u043b\u0438 \u0431\u043e\u043b\u0435\u0435 \u0432\u044b\u0441\u043e\u043a\u043e\u0439 \u0432\u0435\u0440\u0441\u0438\u0438, \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u0443\u044f \u0440\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u0430\u0446\u0438\u0438 \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u0434\u0438\u0442\u0435\u043b\u044f: https://wiki.astralinux.ru/astra-linux-se18-bulletin-2025-1113SE18\n\n\u0414\u043b\u044f \u041e\u0421 Astra Linux:\n\u043e\u0431\u043d\u043e\u0432\u0438\u0442\u044c \u043f\u0430\u043a\u0435\u0442 apache2 \u0434\u043e 2.4.46-1~bpo9+1astra.se14 \u0438\u043b\u0438 \u0431\u043e\u043b\u0435\u0435 \u0432\u044b\u0441\u043e\u043a\u043e\u0439 \u0432\u0435\u0440\u0441\u0438\u0438, \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u0443\u044f \u0440\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u0430\u0446\u0438\u0438 \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u0434\u0438\u0442\u0435\u043b\u044f: https://wiki.astralinux.ru/astra-linux-se16-bulletin-20251225SE16\n\n\u0414\u043b\u044f \u041e\u0421 Astra Linux:\n\u043e\u0431\u043d\u043e\u0432\u0438\u0442\u044c \u043f\u0430\u043a\u0435\u0442 apache2 \u0434\u043e 2.4.65-3astra.se1 \u0438\u043b\u0438 \u0431\u043e\u043b\u0435\u0435 \u0432\u044b\u0441\u043e\u043a\u043e\u0439 \u0432\u0435\u0440\u0441\u0438\u0438, \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u0443\u044f \u0440\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u0430\u0446\u0438\u0438 \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u0434\u0438\u0442\u0435\u043b\u044f: https://wiki.astralinux.ru/astra-linux-se38-bulletin-2026-0126SE38\n\n\u0414\u043b\u044f \u041e\u0421 Astra Linux:\n\u043e\u0431\u043d\u043e\u0432\u0438\u0442\u044c \u043f\u0430\u043a\u0435\u0442 apache2 \u0434\u043e 2.4.65-3astra.se1 \u0438\u043b\u0438 \u0431\u043e\u043b\u0435\u0435 \u0432\u044b\u0441\u043e\u043a\u043e\u0439 \u0432\u0435\u0440\u0441\u0438\u0438, \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u0443\u044f \u0440\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u0430\u0446\u0438\u0438 \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u0434\u0438\u0442\u0435\u043b\u044f: https://wiki.astralinux.ru/astra-linux-se38-bulletin-2026-0126SE38",
  "\u0414\u0430\u0442\u0430 \u0432\u044b\u044f\u0432\u043b\u0435\u043d\u0438\u044f": "18.09.2024",
  "\u0414\u0430\u0442\u0430 \u043f\u043e\u0441\u043b\u0435\u0434\u043d\u0435\u0433\u043e \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u044f": "16.02.2026",
  "\u0414\u0430\u0442\u0430 \u043f\u0443\u0431\u043b\u0438\u043a\u0430\u0446\u0438\u0438": "24.07.2025",
  "\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440": "BDU:2025-08958",
  "\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440\u044b \u0434\u0440\u0443\u0433\u0438\u0445 \u0441\u0438\u0441\u0442\u0435\u043c \u043e\u043f\u0438\u0441\u0430\u043d\u0438\u0439 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "CVE-2024-47252",
  "\u0418\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044f \u043e\u0431 \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0430",
  "\u041a\u043b\u0430\u0441\u0441 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043a\u043e\u0434\u0430",
  "\u041d\u0430\u0437\u0432\u0430\u043d\u0438\u0435 \u041f\u041e": "Red Hat Enterprise Linux, Suse Linux Enterprise Desktop, Suse Linux Enterprise Server, Debian GNU/Linux, \u0420\u0415\u0414 \u041e\u0421 (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u21163751), Astra Linux Special Edition (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u2116369), \u0410\u043b\u044c\u0442 8 \u0421\u041f (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u21164305), Astra Linux Common Edition (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u21164433), Red Hat JBoss Core Services, SUSE Liberty Linux, SUSE Linux Enterprise Server for SAP Applications, OpenSUSE Leap, HTTP Server, \u041e\u0421\u041e\u041d \u041e\u0421\u043d\u043e\u0432\u0430 \u041enyx (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u21165913), \u041c\u0421\u0412\u0421\u0444\u0435\u0440\u0430",
  "\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435 \u041e\u0421 \u0438 \u0442\u0438\u043f \u0430\u043f\u043f\u0430\u0440\u0430\u0442\u043d\u043e\u0439 \u043f\u043b\u0430\u0442\u0444\u043e\u0440\u043c\u044b": "Red Hat Inc. Red Hat Enterprise Linux 7 , Novell Inc. Suse Linux Enterprise Desktop 12 SP3 , Novell Inc. Suse Linux Enterprise Desktop 12 SP4 , Novell Inc. Suse Linux Enterprise Server 12 SP3 , Novell Inc. Suse Linux Enterprise Server 12 SP4 , Novell Inc. Suse Linux Enterprise Server 12 SP2 LTSS , Red Hat Inc. Red Hat Enterprise Linux 8 , Novell Inc. Suse Linux Enterprise Server 12 SP2-BCL , Novell Inc. Suse Linux Enterprise Server 12 SP2-ESPOS , Novell Inc. Suse Linux Enterprise Server 12 SP3-LTSS , Novell Inc. Suse Linux Enterprise Server 12 SP3-BCL , Novell Inc. Suse Linux Enterprise Server 12 SP3-ESPOS , Novell Inc. Suse Linux Enterprise Desktop 12 SP2 , Novell Inc. Suse Linux Enterprise Server 12 SP2 , Novell Inc. Suse Linux Enterprise Server 15-LTSS , Novell Inc. Suse Linux Enterprise Server 12 SP4 LTSS , Novell Inc. Suse Linux Enterprise Server 12 SP4-ESPOS , Novell Inc. Suse Linux Enterprise Server 15 SP1-LTSS , Novell Inc. Suse Linux Enterprise Server 15 SP1 , \u0421\u043e\u043e\u0431\u0449\u0435\u0441\u0442\u0432\u043e \u0441\u0432\u043e\u0431\u043e\u0434\u043d\u043e\u0433\u043e \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f Debian GNU/Linux 11 , \u0421\u043e\u043e\u0431\u0449\u0435\u0441\u0442\u0432\u043e \u0441\u0432\u043e\u0431\u043e\u0434\u043d\u043e\u0433\u043e \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f Debian GNU/Linux 12 , Novell Inc. Suse Linux Enterprise Server 15 SP2 LTSS , \u041e\u041e\u041e \u00ab\u0420\u0435\u0434 \u0421\u043e\u0444\u0442\u00bb \u0420\u0415\u0414 \u041e\u0421 7.3  (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u21163751), \u041e\u041e\u041e \u00ab\u0420\u0443\u0441\u0411\u0418\u0422\u0435\u0445-\u0410\u0441\u0442\u0440\u0430\u00bb Astra Linux Special Edition 1.7  (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u2116369), \u041e\u041e\u041e \u00ab\u0420\u0443\u0441\u0411\u0418\u0422\u0435\u0445-\u0410\u0441\u0442\u0440\u0430\u00bb Astra Linux Special Edition 4.7  (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u2116369), Novell Inc. Suse Linux Enterprise Server 15 SP3 , Novell Inc. Suse Linux Enterprise Desktop 15 SP3 , Novell Inc. Suse Linux Enterprise Server 15 SP2 , \u0410\u041e \u00ab\u0418\u0412\u041a\u00bb \u0410\u043b\u044c\u0442 8 \u0421\u041f -  (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u21164305), Novell Inc. Suse Linux Enterprise Server 15 SP4 , Novell Inc. Suse Linux Enterprise Desktop 15 SP2 , Novell Inc. Suse Linux Enterprise Desktop 15 SP4 , Novell Inc. Suse Linux Enterprise Server 15 SP2-BCL , Red Hat Inc. Red Hat Enterprise Linux 9 , Novell Inc. Suse Linux Enterprise Server 15 SP3-LTSS , Novell Inc. Suse Linux Enterprise Server 15 SP3-BCL , Novell Inc. Suse Linux Enterprise Server 15 SP5 , Novell Inc. Suse Linux Enterprise Desktop 15 SP5 , \u041e\u041e\u041e \u00ab\u0420\u0443\u0441\u0411\u0418\u0422\u0435\u0445-\u0410\u0441\u0442\u0440\u0430\u00bb Astra Linux Common Edition 1.6 \u00ab\u0421\u043c\u043e\u043b\u0435\u043d\u0441\u043a\u00bb  (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u21164433), Novell Inc. SUSE Liberty Linux 9 , Novell Inc. Suse Linux Enterprise Server 15 SP4-LTSS , Novell Inc. Suse Linux Enterprise Desktop 15 SP6 , Novell Inc. Suse Linux Enterprise Server 15 SP6 , Novell Inc. SUSE Linux Enterprise Server for SAP Applications 15 SP6 , Novell Inc. OpenSUSE Leap 15.6 , \u041e\u041e\u041e \u00ab\u0420\u0443\u0441\u0411\u0418\u0422\u0435\u0445-\u0410\u0441\u0442\u0440\u0430\u00bb Astra Linux Special Edition 1.8  (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u2116369), Novell Inc. Suse Linux Enterprise Server 12 SP5-LTSS , Novell Inc. Suse Linux Enterprise Server 12 SP5 LTSS Extended Security , Novell Inc. Suse Linux Enterprise Server 15 SP5-LTSS , Novell Inc. Suse Linux Enterprise Desktop 15 SP7 , Novell Inc. Suse Linux Enterprise Server 15 SP7 , Red Hat Inc. Red Hat Enterprise Linux 10 , \u0410\u041e \"\u041d\u041f\u041f\u041a\u0422\" \u041e\u0421\u041e\u041d \u041e\u0421\u043d\u043e\u0432\u0430 \u041enyx \u0434\u043e 2.14  (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u21165913), \u041e\u041e\u041e \u00ab\u041d\u0426\u041f\u0420\u00bb \u041c\u0421\u0412\u0421\u0444\u0435\u0440\u0430 9.5 , \u041e\u041e\u041e \u00ab\u0420\u0443\u0441\u0411\u0418\u0422\u0435\u0445-\u0410\u0441\u0442\u0440\u0430\u00bb Astra Linux Special Edition 3.8  (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u2116369)",
  "\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0444\u0443\u043d\u043a\u0446\u0438\u0438 mod_ssl \u0432\u0435\u0431-\u0441\u0435\u0440\u0432\u0435\u0440\u0430 Apache HTTP Server, \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u044e\u0449\u0430\u044f \u043d\u0430\u0440\u0443\u0448\u0438\u0442\u0435\u043b\u044e \u043e\u043a\u0430\u0437\u0430\u0442\u044c \u0432\u043e\u0437\u0434\u0435\u0439\u0441\u0442\u0432\u0438\u0435 \u043d\u0430 \u0446\u0435\u043b\u043e\u0441\u0442\u043d\u043e\u0441\u0442\u044c \u0437\u0430\u0449\u0438\u0449\u0430\u0435\u043c\u043e\u0439 \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u0438",
  "\u041d\u0430\u043b\u0438\u0447\u0438\u0435 \u044d\u043a\u0441\u043f\u043b\u043e\u0439\u0442\u0430": "\u0414\u0430\u043d\u043d\u044b\u0435 \u0443\u0442\u043e\u0447\u043d\u044f\u044e\u0442\u0441\u044f",
  "\u041e\u043f\u0438\u0441\u0430\u043d\u0438\u0435 \u043e\u0448\u0438\u0431\u043a\u0438 CWE": "\u041d\u0435\u043f\u0440\u0438\u043d\u044f\u0442\u0438\u0435 \u043c\u0435\u0440 \u043f\u043e \u043d\u0435\u0439\u0442\u0440\u0430\u043b\u0438\u0437\u0430\u0446\u0438\u0438 \u0441\u043f\u0435\u0446\u0438\u0430\u043b\u044c\u043d\u044b\u0445 \u0443\u043f\u0440\u0430\u0432\u043b\u044f\u044e\u0449\u0438\u0445 \u044d\u043b\u0435\u043c\u0435\u043d\u0442\u043e\u0432 (CWE-150)",
  "\u041e\u043f\u0438\u0441\u0430\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0444\u0443\u043d\u043a\u0446\u0438\u0438 mod_ssl \u0432\u0435\u0431-\u0441\u0435\u0440\u0432\u0435\u0440\u0430 Apache HTTP Server \u0441\u0432\u044f\u0437\u0430\u043d\u0430 \u0441 \u043d\u0435\u043f\u0440\u0438\u044f\u0442\u0438\u0435\u043c \u043c\u0435\u0440 \u043f\u043e \u043d\u0435\u0439\u0442\u0440\u0430\u043b\u0438\u0437\u0430\u0446\u0438\u0438 \u0441\u043f\u0435\u0446\u0438\u0430\u043b\u044c\u043d\u044b\u0445 \u0443\u043f\u0440\u0430\u0432\u043b\u044f\u044e\u0449\u0438\u0445 \u044d\u043b\u0435\u043c\u0435\u043d\u0442\u043e\u0432. \u042d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u044f \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 \u043c\u043e\u0436\u0435\u0442 \u043f\u043e\u0437\u0432\u043e\u043b\u0438\u0442\u044c \u043d\u0430\u0440\u0443\u0448\u0438\u0442\u0435\u043b\u044e, \u0434\u0435\u0439\u0441\u0442\u0432\u0443\u044e\u0449\u0435\u043c\u0443 \u0443\u0434\u0430\u043b\u0451\u043d\u043d\u043e, \u043e\u043a\u0430\u0437\u0430\u0442\u044c \u0432\u043e\u0437\u0434\u0435\u0439\u0441\u0442\u0432\u0438\u0435 \u043d\u0430 \u0446\u0435\u043b\u043e\u0441\u0442\u043d\u043e\u0441\u0442\u044c \u0437\u0430\u0449\u0438\u0449\u0430\u0435\u043c\u043e\u0439 \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u0438",
  "\u041f\u043e\u0441\u043b\u0435\u0434\u0441\u0442\u0432\u0438\u044f \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": null,
  "\u041f\u0440\u043e\u0447\u0430\u044f \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044f": null,
  "\u0421\u0432\u044f\u0437\u044c \u0441 \u0438\u043d\u0446\u0438\u0434\u0435\u043d\u0442\u0430\u043c\u0438 \u0418\u0411": "\u0414\u0430\u043d\u043d\u044b\u0435 \u0443\u0442\u043e\u0447\u043d\u044f\u044e\u0442\u0441\u044f",
  "\u0421\u043e\u0441\u0442\u043e\u044f\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u041e\u043f\u0443\u0431\u043b\u0438\u043a\u043e\u0432\u0430\u043d\u0430",
  "\u0421\u043f\u043e\u0441\u043e\u0431 \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044f": "\u041e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0435 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f",
  "\u0421\u043f\u043e\u0441\u043e\u0431 \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438": "\u041c\u0430\u043d\u0438\u043f\u0443\u043b\u0438\u0440\u043e\u0432\u0430\u043d\u0438\u0435 \u0441\u0442\u0440\u0443\u043a\u0442\u0443\u0440\u0430\u043c\u0438 \u0434\u0430\u043d\u043d\u044b\u0445",
  "\u0421\u0441\u044b\u043b\u043a\u0438 \u043d\u0430 \u0438\u0441\u0442\u043e\u0447\u043d\u0438\u043a\u0438": "https://httpd.apache.org/security/vulnerabilities_24.html\nhttps://access.redhat.com/security/cve/cve-2024-47252\nhttps://security-tracker.debian.org/tracker/CVE-2024-47252\nhttps://www.suse.com/security/cve/CVE-2024-47252.html\nhttps://altsp.su/obnovleniya-bezopasnosti/\nhttps://wiki.astralinux.ru/astra-linux-se17-bulletin-2025-0923SE17\nhttps://redos.red-soft.ru/support/secure/uyazvimosti/mnozhestvennye-uyazvimosti-httpd-29092025/?sphrase_id=1313666\nhttps://\u043f\u043e\u0434\u0434\u0435\u0440\u0436\u043a\u0430.\u043d\u043f\u043f\u043a\u0442.\u0440\u0444/bin/view/\u041e\u0421\u043d\u043e\u0432\u0430/\u041e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u044f/2.14/\nhttps://wiki.astralinux.ru/astra-linux-se47-bulletin-2025-1020SE47\nhttps://errata.msvsphere-os.ru/definition/9/INFCSA-2025:15023?lang=ru\nhttps://wiki.astralinux.ru/astra-linux-se18-bulletin-2025-1113SE18\nhttps://wiki.astralinux.ru/astra-linux-se16-bulletin-20251225SE16\nhttps://wiki.astralinux.ru/astra-linux-se38-bulletin-2026-0126SE38\nhttps://wiki.astralinux.ru/astra-linux-se38-bulletin-2026-0126SE38",
  "\u0421\u0442\u0430\u0442\u0443\u0441 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u041f\u043e\u0434\u0442\u0432\u0435\u0440\u0436\u0434\u0435\u043d\u0430 \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u0434\u0438\u0442\u0435\u043b\u0435\u043c",
  "\u0422\u0438\u043f \u041f\u041e": "\u041e\u043f\u0435\u0440\u0430\u0446\u0438\u043e\u043d\u043d\u0430\u044f \u0441\u0438\u0441\u0442\u0435\u043c\u0430, \u041c\u0438\u043a\u0440\u043e\u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u044b\u0439 \u043a\u043e\u0434 \u0430\u043f\u043f\u0430\u0440\u0430\u0442\u043d\u044b\u0445 \u043a\u043e\u043c\u043f\u043e\u043d\u0435\u043d\u0442 \u043a\u043e\u043c\u043f\u044c\u044e\u0442\u0435\u0440\u0430, \u0421\u0435\u0442\u0435\u0432\u043e\u0435 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0435 \u0441\u0440\u0435\u0434\u0441\u0442\u0432\u043e",
  "\u0422\u0438\u043f \u043e\u0448\u0438\u0431\u043a\u0438 CWE": "CWE-150",
  "\u0423\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0412\u044b\u0441\u043e\u043a\u0438\u0439 \u0443\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 (\u0431\u0430\u0437\u043e\u0432\u0430\u044f \u043e\u0446\u0435\u043d\u043a\u0430 CVSS 2.0 \u0441\u043e\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u0442 7,8)\n\u0412\u044b\u0441\u043e\u043a\u0438\u0439 \u0443\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 (\u0431\u0430\u0437\u043e\u0432\u0430\u044f \u043e\u0446\u0435\u043d\u043a\u0430 CVSS 3.1 \u0441\u043e\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u0442 7,5)"
}

bit-apache-2024-47252

Vulnerability from bitnami_vulndb

Published

2025-07-16 07:56

Modified

2025-11-06 13:25

Summary

Apache HTTP Server: mod_ssl error log variable escaping

Details

Insufficient escaping of user-supplied data in mod_ssl in Apache HTTP Server 2.4.63 and earlier allows an untrusted SSL/TLS client to insert escape characters into log files in some configurations.

In a logging configuration where CustomLog is used with "%{varname}x" or "%{varname}c" to log variables provided by mod_ssl such as SSL_TLS_SNI, no escaping is performed by either mod_log_config or mod_ssl and unsanitized data provided by the client may appear in log files.

JSON

To clipboard

{
  "affected": [
    {
      "package": {
        "ecosystem": "Bitnami",
        "name": "apache",
        "purl": "pkg:bitnami/apache"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "2.4.0"
            },
            {
              "fixed": "2.4.64"
            }
          ],
          "type": "SEMVER"
        }
      ],
      "severity": [
        {
          "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
          "type": "CVSS_V3"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2024-47252"
  ],
  "database_specific": {
    "cpes": [
      "cpe:2.3:a:apache:http_server:*:*:*:*:*:*:*:*"
    ],
    "severity": "High"
  },
  "details": "Insufficient escaping of user-supplied data in mod_ssl in Apache HTTP Server 2.4.63 and earlier allows an untrusted SSL/TLS client to insert escape characters into log files in some configurations.\n\nIn a logging configuration where CustomLog is used with \"%{varname}x\" or \"%{varname}c\" to log variables provided by mod_ssl such as SSL_TLS_SNI, no escaping is performed by either mod_log_config or mod_ssl and unsanitized data provided by the client may appear in log files.",
  "id": "BIT-apache-2024-47252",
  "modified": "2025-11-06T13:25:46.476Z",
  "published": "2025-07-16T07:56:11.862Z",
  "references": [
    {
      "type": "WEB",
      "url": "https://httpd.apache.org/security/vulnerabilities_24.html"
    },
    {
      "type": "WEB",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-47252"
    },
    {
      "type": "WEB",
      "url": "http://www.openwall.com/lists/oss-security/2025/07/10/2"
    },
    {
      "type": "WEB",
      "url": "http://www.openwall.com/lists/oss-security/2025/07/10/6"
    },
    {
      "type": "WEB",
      "url": "https://lists.debian.org/debian-lts-announce/2025/08/msg00009.html"
    }
  ],
  "schema_version": "1.6.2",
  "summary": "Apache HTTP Server: mod_ssl error log variable escaping"
}

CERTFR-2025-AVI-0586

Vulnerability from certfr_avis - Published: 2025-07-11 - Updated: 2025-07-11

De multiples vulnérabilités ont été découvertes dans Apache HTTP Server. Certaines d'entre elles permettent à un attaquant de provoquer un déni de service à distance, une atteinte à la confidentialité des données et une atteinte à l'intégrité des données.

Solutions

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

Impacted products

	Vendor	Product	Description
	Apache	HTTP Server	Apache HTTP Server versions antérieures à 2.4.64

References

Title

Publication Time

Tags

Bulletin de sécurité Apache HTTP Server CHANGES_2.4.64

2025-07-10

vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Apache HTTP Server versions ant\u00e9rieures \u00e0 2.4.64",
      "product": {
        "name": "HTTP Server",
        "vendor": {
          "name": "Apache",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": "",
  "content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
  "cves": [
    {
      "name": "CVE-2025-23048",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-23048"
    },
    {
      "name": "CVE-2025-49812",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-49812"
    },
    {
      "name": "CVE-2024-43204",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-43204"
    },
    {
      "name": "CVE-2025-53020",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-53020"
    },
    {
      "name": "CVE-2024-47252",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-47252"
    },
    {
      "name": "CVE-2025-49630",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-49630"
    },
    {
      "name": "CVE-2024-42516",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-42516"
    },
    {
      "name": "CVE-2024-43394",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-43394"
    }
  ],
  "initial_release_date": "2025-07-11T00:00:00",
  "last_revision_date": "2025-07-11T00:00:00",
  "links": [],
  "reference": "CERTFR-2025-AVI-0586",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2025-07-11T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "D\u00e9ni de service \u00e0 distance"
    },
    {
      "description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
    },
    {
      "description": "Falsification de requ\u00eates c\u00f4t\u00e9 serveur (SSRF)"
    },
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans Apache HTTP Server. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer un d\u00e9ni de service \u00e0 distance, une atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es et une atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es.",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans Apache HTTP Server",
  "vendor_advisories": [
    {
      "published_at": "2025-07-10",
      "title": "Bulletin de s\u00e9curit\u00e9 Apache HTTP Server CHANGES_2.4.64",
      "url": "https://downloads.apache.org/httpd/CHANGES_2.4.64"
    }
  ]
}

CERTFR-2025-AVI-0740

Vulnerability from certfr_avis - Published: 2025-08-29 - Updated: 2025-08-29

De multiples vulnérabilités ont été découvertes dans Tenable Security Center. Certaines d'entre elles permettent à un attaquant de provoquer un déni de service à distance, une atteinte à la confidentialité des données et une atteinte à l'intégrité des données.

Solutions

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

Impacted products

	Vendor	Product	Description
	Tenable	Security Center	Security Center sans le correctif de sécurité Patch SC-202508.1

References

Title

Publication Time

Tags

Bulletin de sécurité Tenable tns-2025-17

2025-08-28

vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Security Center sans le correctif de s\u00e9curit\u00e9 Patch SC-202508.1",
      "product": {
        "name": "Security Center",
        "vendor": {
          "name": "Tenable",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": "",
  "content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
  "cves": [
    {
      "name": "CVE-2025-23048",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-23048"
    },
    {
      "name": "CVE-2025-49812",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-49812"
    },
    {
      "name": "CVE-2024-43204",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-43204"
    },
    {
      "name": "CVE-2025-6965",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-6965"
    },
    {
      "name": "CVE-2025-53020",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-53020"
    },
    {
      "name": "CVE-2024-47252",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-47252"
    },
    {
      "name": "CVE-2025-6491",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-6491"
    },
    {
      "name": "CVE-2025-49630",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-49630"
    },
    {
      "name": "CVE-2024-42516",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-42516"
    }
  ],
  "initial_release_date": "2025-08-29T00:00:00",
  "last_revision_date": "2025-08-29T00:00:00",
  "links": [],
  "reference": "CERTFR-2025-AVI-0740",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2025-08-29T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "D\u00e9ni de service \u00e0 distance"
    },
    {
      "description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
    },
    {
      "description": "Non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur"
    },
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans Tenable Security Center. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer un d\u00e9ni de service \u00e0 distance, une atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es et une atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es.",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans Tenable Security Center",
  "vendor_advisories": [
    {
      "published_at": "2025-08-28",
      "title": "Bulletin de s\u00e9curit\u00e9 Tenable tns-2025-17",
      "url": "https://www.tenable.com/security/tns-2025-17"
    }
  ]
}

CERTFR-2025-AVI-0751

Vulnerability from certfr_avis - Published: 2025-09-03 - Updated: 2025-09-03

De multiples vulnérabilités ont été découvertes dans les produits VMware. Elles permettent à un attaquant de provoquer un problème de sécurité non spécifié par l'éditeur.

Solutions

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

Impacted products

Vendor	Product	Description
VMware	Tanzu Platform	Tanzu Platform for Cloud Foundry versions antérieures à 6.0.19+LTS-T
VMware	Tanzu Platform	Tanzu Platform for Cloud Foundry versions antérieures à 10.0.9
VMware	Tanzu Platform	Tanzu Platform for Cloud Foundry versions antérieures à 10.2.2+LTS-T

References

Title

Publication Time

Tags

Bulletin de sécurité VMware TNZ-2025-0071	2025-09-02	vendor-advisory
Bulletin de sécurité VMware TNZ-2025-0069	2025-09-02	vendor-advisory
Bulletin de sécurité VMware TNZ-2025-0070	2025-09-02	vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Tanzu Platform for Cloud Foundry versions ant\u00e9rieures \u00e0 6.0.19+LTS-T",
      "product": {
        "name": "Tanzu Platform",
        "vendor": {
          "name": "VMware",
          "scada": false
        }
      }
    },
    {
      "description": "Tanzu Platform for Cloud Foundry versions ant\u00e9rieures \u00e0 10.0.9",
      "product": {
        "name": "Tanzu Platform",
        "vendor": {
          "name": "VMware",
          "scada": false
        }
      }
    },
    {
      "description": "Tanzu Platform for Cloud Foundry versions ant\u00e9rieures \u00e0 10.2.2+LTS-T",
      "product": {
        "name": "Tanzu Platform",
        "vendor": {
          "name": "VMware",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": "",
  "content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
  "cves": [
    {
      "name": "CVE-2025-30681",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-30681"
    },
    {
      "name": "CVE-2025-23048",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-23048"
    },
    {
      "name": "CVE-2025-30689",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-30689"
    },
    {
      "name": "CVE-2025-30715",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-30715"
    },
    {
      "name": "CVE-2025-30682",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-30682"
    },
    {
      "name": "CVE-2025-49812",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-49812"
    },
    {
      "name": "CVE-2025-0913",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-0913"
    },
    {
      "name": "CVE-2025-47907",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-47907"
    },
    {
      "name": "CVE-2025-30703",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-30703"
    },
    {
      "name": "CVE-2025-4330",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-4330"
    },
    {
      "name": "CVE-2025-4138",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-4138"
    },
    {
      "name": "CVE-2025-30696",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-30696"
    },
    {
      "name": "CVE-2025-21584",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-21584"
    },
    {
      "name": "CVE-2025-27209",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-27209"
    },
    {
      "name": "CVE-2025-50106",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-50106"
    },
    {
      "name": "CVE-2025-30683",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-30683"
    },
    {
      "name": "CVE-2025-30699",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-30699"
    },
    {
      "name": "CVE-2025-30399",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-30399"
    },
    {
      "name": "CVE-2025-30754",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-30754"
    },
    {
      "name": "CVE-2025-23167",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-23167"
    },
    {
      "name": "CVE-2024-43204",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-43204"
    },
    {
      "name": "CVE-2025-4517",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-4517"
    },
    {
      "name": "CVE-2025-21574",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-21574"
    },
    {
      "name": "CVE-2025-4674",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-4674"
    },
    {
      "name": "CVE-2025-21580",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-21580"
    },
    {
      "name": "CVE-2025-7783",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-7783"
    },
    {
      "name": "CVE-2025-21575",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-21575"
    },
    {
      "name": "CVE-2025-4435",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-4435"
    },
    {
      "name": "CVE-2025-21577",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-21577"
    },
    {
      "name": "CVE-2025-49007",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-49007"
    },
    {
      "name": "CVE-2025-22868",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-22868"
    },
    {
      "name": "CVE-2024-12718",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-12718"
    },
    {
      "name": "CVE-2025-23165",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-23165"
    },
    {
      "name": "CVE-2025-30705",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-30705"
    },
    {
      "name": "CVE-2025-50088",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-50088"
    },
    {
      "name": "CVE-2025-1217",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-1217"
    },
    {
      "name": "CVE-2025-53020",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-53020"
    },
    {
      "name": "CVE-2025-30684",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-30684"
    },
    {
      "name": "CVE-2025-22874",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-22874"
    },
    {
      "name": "CVE-2025-50059",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-50059"
    },
    {
      "name": "CVE-2025-21579",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-21579"
    },
    {
      "name": "CVE-2024-47252",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-47252"
    },
    {
      "name": "CVE-2025-4673",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-4673"
    },
    {
      "name": "CVE-2025-30721",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-30721"
    },
    {
      "name": "CVE-2025-1736",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-1736"
    },
    {
      "name": "CVE-2025-23166",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-23166"
    },
    {
      "name": "CVE-2025-1734",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-1734"
    },
    {
      "name": "CVE-2025-4516",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-4516"
    },
    {
      "name": "CVE-2025-30687",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-30687"
    },
    {
      "name": "CVE-2025-30749",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-30749"
    },
    {
      "name": "CVE-2025-7339",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-7339"
    },
    {
      "name": "CVE-2025-30704",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-30704"
    },
    {
      "name": "CVE-2025-30693",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-30693"
    },
    {
      "name": "CVE-2025-21585",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-21585"
    },
    {
      "name": "CVE-2025-30204",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-30204"
    },
    {
      "name": "CVE-2025-21581",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-21581"
    },
    {
      "name": "CVE-2025-30685",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-30685"
    },
    {
      "name": "CVE-2025-30695",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-30695"
    },
    {
      "name": "CVE-2025-30688",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-30688"
    },
    {
      "name": "CVE-2025-1861",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-1861"
    },
    {
      "name": "CVE-2025-21588",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-21588"
    },
    {
      "name": "CVE-2025-49630",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-49630"
    },
    {
      "name": "CVE-2025-1219",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-1219"
    },
    {
      "name": "CVE-2024-42516",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-42516"
    },
    {
      "name": "CVE-2024-43394",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-43394"
    }
  ],
  "initial_release_date": "2025-09-03T00:00:00",
  "last_revision_date": "2025-09-03T00:00:00",
  "links": [],
  "reference": "CERTFR-2025-AVI-0751",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2025-09-03T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits VMware. Elles permettent \u00e0 un attaquant de provoquer un probl\u00e8me de s\u00e9curit\u00e9 non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur.",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits VMware",
  "vendor_advisories": [
    {
      "published_at": "2025-09-02",
      "title": "Bulletin de s\u00e9curit\u00e9 VMware TNZ-2025-0071",
      "url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36077"
    },
    {
      "published_at": "2025-09-02",
      "title": "Bulletin de s\u00e9curit\u00e9 VMware TNZ-2025-0069",
      "url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36075"
    },
    {
      "published_at": "2025-09-02",
      "title": "Bulletin de s\u00e9curit\u00e9 VMware TNZ-2025-0070",
      "url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36076"
    }
  ]
}

CERTFR-2025-AVI-1013

Vulnerability from certfr_avis - Published: 2025-11-14 - Updated: 2025-11-14

De multiples vulnérabilités ont été découvertes dans les produits IBM. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, une élévation de privilèges et un déni de service à distance.

Solutions

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

Impacted products

Vendor	Product	Description
IBM	AIX	AIX versions 7.2.5 sans le correctif de sécurité IJ55968 SP11
IBM	Sterling	Sterling Transformation Extender versions 11.0.2.0 sans le correctif de sécurité PH68819
IBM	QRadar	QRadar Network Packet Capture versions 7.5.x antérieures à QRadar Network Packet Capture 7.5.0 Update Package 14
IBM	AIX	AIX versions 7.3.2 sans le correctif de sécurité IJ56113
IBM	Sterling	Sterling Transformation Extender versions 11.0.1.1 sans le correctif de sécurité PH68819
IBM	Sterling	Sterling Transformation Extender versions 11.0.0.0 sans le correctif de sécurité PH68266
IBM	WebSphere	WebSphere Application Server versions 9.0.x sans le correctif de sécurité 9.0.5.27
IBM	Sterling	Sterling Transformation Extender versions 10.1.1.1 sans le correctif de sécurité PH68266
IBM	Db2	Db2 versions 11.5.x sans le dernier correctif de sécurité
IBM	Tivoli	Tivoli Application Dependency Discovery Manager versions 7.3.x à 7.3.0.12 sans le correctif de sécurité efix_CVE-2025-48976_FP12250331.zip
IBM	N/A	QRadar DNS Analyzer App versions antérieures à 2.0.4
IBM	Db2	Db2 versions 12.1.x antérieures à 12.1.3 sans le dernier correctif de sécurité
IBM	WebSphere	WebSphere Application Server Liberty versions 17.0.0.3 à 25.0.0.11 sans le correctif de sécurité 25.0.0.12
IBM	WebSphere	WebSphere Application Server versions 8.5.x sans le correctif de sécurité 8.5.5.29
IBM	AIX	AIX versions 7.3.1 sans le correctif de sécurité IJ56230
IBM	Cognos Analytics	Cognos Analytics Certified Containers versions 1.2.1.x antérieures à 12.1.1
IBM	Sterling	Sterling Transformation Extender versions 10.1.2.1 sans le correctif de sécurité PH68266
IBM	Db2	Db2 versions 11.1.x sans le dernier correctif de sécurité
IBM	Sterling	Sterling Transformation Extender versions 10.1.0.2 sans le correctif de sécurité PH68266
IBM	AIX	AIX versions 7.3.3 sans le correctif de sécurité IJ55897 SP2
IBM	Storage Protect	Storage Protect Operations Center versions 8.1.x antérieures à 8.1.27.100
IBM	QRadar SIEM	QRadar SIEM versions 7.5 à 7.5.0 IP14 sans les correctif de sécurité QRadar 7.5.0 UP14 IF01 et 7.5.0 QRadar Protocol MicrosoftAzureEventHubs

References

Title

Publication Time

Tags

Bulletin de sécurité IBM 7250959	2025-11-12	vendor-advisory
Bulletin de sécurité IBM 7249983	2025-11-12	vendor-advisory
Bulletin de sécurité IBM 7250785	2025-11-11	vendor-advisory
Bulletin de sécurité IBM 7249992	2025-11-12	vendor-advisory
Bulletin de sécurité IBM 7249994	2025-11-12	vendor-advisory
Bulletin de sécurité IBM 7250921	2025-11-12	vendor-advisory
Bulletin de sécurité IBM 7250486	2025-11-07	vendor-advisory
Bulletin de sécurité IBM 7250907	2025-11-12	vendor-advisory
Bulletin de sécurité IBM 7250395	2025-11-07	vendor-advisory
Bulletin de sécurité IBM 7250956	2025-11-12	vendor-advisory
Bulletin de sécurité IBM 7250763	2025-11-10	vendor-advisory
Bulletin de sécurité IBM 7250474	2025-11-26	vendor-advisory
Bulletin de sécurité IBM 7250971	2025-11-12	vendor-advisory
Bulletin de sécurité IBM 7250926	2025-11-12	vendor-advisory
Bulletin de sécurité IBM 7251173	2025-11-13	vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "AIX versions 7.2.5 sans le correctif de s\u00e9curit\u00e9 IJ55968 SP11",
      "product": {
        "name": "AIX",
        "vendor": {
          "name": "IBM",
          "scada": false
        }
      }
    },
    {
      "description": "Sterling Transformation Extender versions 11.0.2.0 sans le correctif de s\u00e9curit\u00e9 PH68819",
      "product": {
        "name": "Sterling",
        "vendor": {
          "name": "IBM",
          "scada": false
        }
      }
    },
    {
      "description": "QRadar Network Packet Capture versions 7.5.x ant\u00e9rieures \u00e0 QRadar Network Packet Capture 7.5.0 Update Package 14",
      "product": {
        "name": "QRadar",
        "vendor": {
          "name": "IBM",
          "scada": false
        }
      }
    },
    {
      "description": "AIX versions 7.3.2 sans le correctif de s\u00e9curit\u00e9 IJ56113",
      "product": {
        "name": "AIX",
        "vendor": {
          "name": "IBM",
          "scada": false
        }
      }
    },
    {
      "description": "Sterling Transformation Extender versions 11.0.1.1 sans le correctif de s\u00e9curit\u00e9 PH68819",
      "product": {
        "name": "Sterling",
        "vendor": {
          "name": "IBM",
          "scada": false
        }
      }
    },
    {
      "description": "Sterling Transformation Extender versions 11.0.0.0 sans le correctif de s\u00e9curit\u00e9 PH68266",
      "product": {
        "name": "Sterling",
        "vendor": {
          "name": "IBM",
          "scada": false
        }
      }
    },
    {
      "description": "WebSphere Application Server versions 9.0.x sans le correctif de s\u00e9curit\u00e9  9.0.5.27",
      "product": {
        "name": "WebSphere",
        "vendor": {
          "name": "IBM",
          "scada": false
        }
      }
    },
    {
      "description": "Sterling Transformation Extender versions 10.1.1.1 sans le correctif de s\u00e9curit\u00e9 PH68266",
      "product": {
        "name": "Sterling",
        "vendor": {
          "name": "IBM",
          "scada": false
        }
      }
    },
    {
      "description": "Db2 versions 11.5.x sans le dernier correctif de s\u00e9curit\u00e9 ",
      "product": {
        "name": "Db2",
        "vendor": {
          "name": "IBM",
          "scada": false
        }
      }
    },
    {
      "description": "Tivoli Application Dependency Discovery Manager versions 7.3.x \u00e0 7.3.0.12 sans le correctif de s\u00e9curit\u00e9 efix_CVE-2025-48976_FP12250331.zip",
      "product": {
        "name": "Tivoli",
        "vendor": {
          "name": "IBM",
          "scada": false
        }
      }
    },
    {
      "description": "QRadar DNS Analyzer App versions ant\u00e9rieures \u00e0 2.0.4",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "IBM",
          "scada": false
        }
      }
    },
    {
      "description": "Db2 versions 12.1.x ant\u00e9rieures \u00e0 12.1.3 sans le dernier correctif de s\u00e9curit\u00e9 ",
      "product": {
        "name": "Db2",
        "vendor": {
          "name": "IBM",
          "scada": false
        }
      }
    },
    {
      "description": "WebSphere Application Server Liberty versions 17.0.0.3 \u00e0 25.0.0.11 sans le correctif de s\u00e9curit\u00e9 25.0.0.12",
      "product": {
        "name": "WebSphere",
        "vendor": {
          "name": "IBM",
          "scada": false
        }
      }
    },
    {
      "description": "WebSphere Application Server versions 8.5.x sans le correctif de s\u00e9curit\u00e9  8.5.5.29",
      "product": {
        "name": "WebSphere",
        "vendor": {
          "name": "IBM",
          "scada": false
        }
      }
    },
    {
      "description": "AIX versions 7.3.1 sans le correctif de s\u00e9curit\u00e9 IJ56230",
      "product": {
        "name": "AIX",
        "vendor": {
          "name": "IBM",
          "scada": false
        }
      }
    },
    {
      "description": "Cognos Analytics Certified Containers versions 1.2.1.x ant\u00e9rieures \u00e0 12.1.1",
      "product": {
        "name": "Cognos Analytics",
        "vendor": {
          "name": "IBM",
          "scada": false
        }
      }
    },
    {
      "description": "Sterling Transformation Extender versions 10.1.2.1 sans le correctif de s\u00e9curit\u00e9 PH68266",
      "product": {
        "name": "Sterling",
        "vendor": {
          "name": "IBM",
          "scada": false
        }
      }
    },
    {
      "description": "Db2 versions 11.1.x sans le dernier correctif de s\u00e9curit\u00e9 ",
      "product": {
        "name": "Db2",
        "vendor": {
          "name": "IBM",
          "scada": false
        }
      }
    },
    {
      "description": "Sterling Transformation Extender versions 10.1.0.2 sans le correctif de s\u00e9curit\u00e9 PH68266",
      "product": {
        "name": "Sterling",
        "vendor": {
          "name": "IBM",
          "scada": false
        }
      }
    },
    {
      "description": "AIX versions 7.3.3 sans le correctif de s\u00e9curit\u00e9 IJ55897 SP2",
      "product": {
        "name": "AIX",
        "vendor": {
          "name": "IBM",
          "scada": false
        }
      }
    },
    {
      "description": "Storage Protect Operations Center versions 8.1.x ant\u00e9rieures \u00e0 8.1.27.100",
      "product": {
        "name": "Storage Protect",
        "vendor": {
          "name": "IBM",
          "scada": false
        }
      }
    },
    {
      "description": "QRadar SIEM versions 7.5 \u00e0 7.5.0 IP14 sans les correctif de s\u00e9curit\u00e9 QRadar 7.5.0 UP14 IF01 et 7.5.0 QRadar Protocol MicrosoftAzureEventHubs ",
      "product": {
        "name": "QRadar SIEM",
        "vendor": {
          "name": "IBM",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": "",
  "content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
  "cves": [
    {
      "name": "CVE-2025-6395",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-6395"
    },
    {
      "name": "CVE-2025-22026",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-22026"
    },
    {
      "name": "CVE-2024-1597",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-1597"
    },
    {
      "name": "CVE-2023-1370",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-1370"
    },
    {
      "name": "CVE-2025-36236",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-36236"
    },
    {
      "name": "CVE-2025-49812",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-49812"
    },
    {
      "name": "CVE-2025-39757",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-39757"
    },
    {
      "name": "CVE-2023-46308",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-46308"
    },
    {
      "name": "CVE-2024-49350",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-49350"
    },
    {
      "name": "CVE-2025-36251",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-36251"
    },
    {
      "name": "CVE-2025-49146",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-49146"
    },
    {
      "name": "CVE-2025-55752",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-55752"
    },
    {
      "name": "CVE-2025-38461",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-38461"
    },
    {
      "name": "CVE-2025-7962",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-7962"
    },
    {
      "name": "CVE-2025-36250",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-36250"
    },
    {
      "name": "CVE-2024-35255",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-35255"
    },
    {
      "name": "CVE-2025-50106",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-50106"
    },
    {
      "name": "CVE-2025-38527",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-38527"
    },
    {
      "name": "CVE-2025-38449",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-38449"
    },
    {
      "name": "CVE-2022-41946",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-41946"
    },
    {
      "name": "CVE-2025-39730",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-39730"
    },
    {
      "name": "CVE-2025-1992",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-1992"
    },
    {
      "name": "CVE-2025-30754",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-30754"
    },
    {
      "name": "CVE-2025-36097",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-36097"
    },
    {
      "name": "CVE-2020-16971",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-16971"
    },
    {
      "name": "CVE-2022-3510",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-3510"
    },
    {
      "name": "CVE-2022-3509",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-3509"
    },
    {
      "name": "CVE-2025-4565",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-4565"
    },
    {
      "name": "CVE-2025-5318",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-5318"
    },
    {
      "name": "CVE-2025-36186",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-36186"
    },
    {
      "name": "CVE-2024-56347",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-56347"
    },
    {
      "name": "CVE-2025-37797",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-37797"
    },
    {
      "name": "CVE-2025-61795",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-61795"
    },
    {
      "name": "CVE-2024-7254",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-7254"
    },
    {
      "name": "CVE-2024-52533",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-52533"
    },
    {
      "name": "CVE-2023-53125",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-53125"
    },
    {
      "name": "CVE-2025-32990",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-32990"
    },
    {
      "name": "CVE-2025-2518",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-2518"
    },
    {
      "name": "CVE-2025-41244",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-41244"
    },
    {
      "name": "CVE-2022-49985",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-49985"
    },
    {
      "name": "CVE-2025-50059",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-50059"
    },
    {
      "name": "CVE-2025-1493",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-1493"
    },
    {
      "name": "CVE-2025-38556",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-38556"
    },
    {
      "name": "CVE-2023-26133",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-26133"
    },
    {
      "name": "CVE-2024-47252",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-47252"
    },
    {
      "name": "CVE-2025-30761",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-30761"
    },
    {
      "name": "CVE-2025-36096",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-36096"
    },
    {
      "name": "CVE-2025-3050",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-3050"
    },
    {
      "name": "CVE-2025-38718",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-38718"
    },
    {
      "name": "CVE-2025-38392",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-38392"
    },
    {
      "name": "CVE-2023-53373",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-53373"
    },
    {
      "name": "CVE-2025-32988",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-32988"
    },
    {
      "name": "CVE-2025-0915",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-0915"
    },
    {
      "name": "CVE-2024-52903",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-52903"
    },
    {
      "name": "CVE-2025-38352",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-38352"
    },
    {
      "name": "CVE-2025-30749",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-30749"
    },
    {
      "name": "CVE-2023-45287",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-45287"
    },
    {
      "name": "CVE-2024-56346",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-56346"
    },
    {
      "name": "CVE-2025-38350",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-38350"
    },
    {
      "name": "CVE-2025-1000",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-1000"
    },
    {
      "name": "CVE-2022-31197",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-31197"
    },
    {
      "name": "CVE-2025-40928",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-40928"
    },
    {
      "name": "CVE-2022-50087",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-50087"
    },
    {
      "name": "CVE-2025-38498",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-38498"
    },
    {
      "name": "CVE-2025-53057",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-53057"
    },
    {
      "name": "CVE-2022-3171",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-3171"
    },
    {
      "name": "CVE-2025-49630",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-49630"
    },
    {
      "name": "CVE-2025-53066",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-53066"
    },
    {
      "name": "CVE-2025-33150",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-33150"
    },
    {
      "name": "CVE-2025-47273",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-47273"
    },
    {
      "name": "CVE-2024-6345",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-6345"
    },
    {
      "name": "CVE-2024-57699",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-57699"
    },
    {
      "name": "CVE-2024-47619",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-47619"
    }
  ],
  "initial_release_date": "2025-11-14T00:00:00",
  "last_revision_date": "2025-11-14T00:00:00",
  "links": [],
  "reference": "CERTFR-2025-AVI-1013",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2025-11-14T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    },
    {
      "description": "\u00c9l\u00e9vation de privil\u00e8ges"
    },
    {
      "description": "D\u00e9ni de service \u00e0 distance"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    },
    {
      "description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
    },
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    },
    {
      "description": "Non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur"
    },
    {
      "description": "Injection SQL (SQLi)"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits IBM. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire \u00e0 distance, une \u00e9l\u00e9vation de privil\u00e8ges et un d\u00e9ni de service \u00e0 distance.",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits IBM",
  "vendor_advisories": [
    {
      "published_at": "2025-11-12",
      "title": "Bulletin de s\u00e9curit\u00e9 IBM 7250959",
      "url": "https://www.ibm.com/support/pages/node/7250959"
    },
    {
      "published_at": "2025-11-12",
      "title": "Bulletin de s\u00e9curit\u00e9 IBM 7249983",
      "url": "https://www.ibm.com/support/pages/node/7249983"
    },
    {
      "published_at": "2025-11-11",
      "title": "Bulletin de s\u00e9curit\u00e9 IBM 7250785",
      "url": "https://www.ibm.com/support/pages/node/7250785"
    },
    {
      "published_at": "2025-11-12",
      "title": "Bulletin de s\u00e9curit\u00e9 IBM 7249992",
      "url": "https://www.ibm.com/support/pages/node/7249992"
    },
    {
      "published_at": "2025-11-12",
      "title": "Bulletin de s\u00e9curit\u00e9 IBM 7249994",
      "url": "https://www.ibm.com/support/pages/node/7249994"
    },
    {
      "published_at": "2025-11-12",
      "title": "Bulletin de s\u00e9curit\u00e9 IBM 7250921",
      "url": "https://www.ibm.com/support/pages/node/7250921"
    },
    {
      "published_at": "2025-11-07",
      "title": "Bulletin de s\u00e9curit\u00e9 IBM 7250486",
      "url": "https://www.ibm.com/support/pages/node/7250486"
    },
    {
      "published_at": "2025-11-12",
      "title": "Bulletin de s\u00e9curit\u00e9 IBM 7250907",
      "url": "https://www.ibm.com/support/pages/node/7250907"
    },
    {
      "published_at": "2025-11-07",
      "title": "Bulletin de s\u00e9curit\u00e9 IBM 7250395",
      "url": "https://www.ibm.com/support/pages/node/7250395"
    },
    {
      "published_at": "2025-11-12",
      "title": "Bulletin de s\u00e9curit\u00e9 IBM 7250956",
      "url": "https://www.ibm.com/support/pages/node/7250956"
    },
    {
      "published_at": "2025-11-10",
      "title": "Bulletin de s\u00e9curit\u00e9 IBM 7250763",
      "url": "https://www.ibm.com/support/pages/node/7250763"
    },
    {
      "published_at": "2025-11-26",
      "title": "Bulletin de s\u00e9curit\u00e9 IBM 7250474",
      "url": "https://www.ibm.com/support/pages/node/7250474"
    },
    {
      "published_at": "2025-11-12",
      "title": "Bulletin de s\u00e9curit\u00e9 IBM 7250971",
      "url": "https://www.ibm.com/support/pages/node/7250971"
    },
    {
      "published_at": "2025-11-12",
      "title": "Bulletin de s\u00e9curit\u00e9 IBM 7250926",
      "url": "https://www.ibm.com/support/pages/node/7250926"
    },
    {
      "published_at": "2025-11-13",
      "title": "Bulletin de s\u00e9curit\u00e9 IBM 7251173",
      "url": "https://www.ibm.com/support/pages/node/7251173"
    }
  ]
}

CERTFR-2025-AVI-1065

Vulnerability from certfr_avis - Published: 2025-12-05 - Updated: 2025-12-05

De multiples vulnérabilités ont été découvertes dans NetApp ONTAP. Certaines d'entre elles permettent à un attaquant de provoquer un déni de service à distance, une atteinte à la confidentialité des données et une atteinte à l'intégrité des données.

Solutions

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

Impacted products

Vendor	Product	Description
NetApp	ONTAP	ONTAP versions 9.13.x antérieures à 9.13.1P18
NetApp	ONTAP	ONTAP versions 9.16.x antérieures à 9.16.1P9
NetApp	ONTAP	ONTAP versions 9.14.x antérieures à 9.14.1P15
NetApp	ONTAP	ONTAP versions 9.17.x antérieures à 9.17.1P1
NetApp	ONTAP tools pour VMware vSphere 10	ONTAP tools pour VMware vSphere 10 versions antérieures à 10.4
NetApp	ONTAP	ONTAP versions 9.15.x antérieures à 9.15.1P13

References

Title

Publication Time

Tags

Bulletin de sécurité NetApp NTAP-20250613-0007	2025-12-05	vendor-advisory
Bulletin de sécurité NetApp NTAP-20250613-0006	2025-12-05	vendor-advisory
Bulletin de sécurité NetApp NTAP-20250718-0013	2025-12-05	vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "ONTAP versions 9.13.x ant\u00e9rieures \u00e0 9.13.1P18",
      "product": {
        "name": "ONTAP",
        "vendor": {
          "name": "NetApp",
          "scada": false
        }
      }
    },
    {
      "description": "ONTAP versions 9.16.x ant\u00e9rieures \u00e0 9.16.1P9",
      "product": {
        "name": "ONTAP",
        "vendor": {
          "name": "NetApp",
          "scada": false
        }
      }
    },
    {
      "description": "ONTAP versions 9.14.x ant\u00e9rieures \u00e0 9.14.1P15",
      "product": {
        "name": "ONTAP",
        "vendor": {
          "name": "NetApp",
          "scada": false
        }
      }
    },
    {
      "description": "ONTAP versions 9.17.x ant\u00e9rieures \u00e0 9.17.1P1",
      "product": {
        "name": "ONTAP",
        "vendor": {
          "name": "NetApp",
          "scada": false
        }
      }
    },
    {
      "description": "ONTAP tools pour VMware vSphere 10 versions ant\u00e9rieures \u00e0 10.4",
      "product": {
        "name": "ONTAP tools pour VMware vSphere 10",
        "vendor": {
          "name": "NetApp",
          "scada": false
        }
      }
    },
    {
      "description": "ONTAP versions 9.15.x ant\u00e9rieures \u00e0 9.15.1P13",
      "product": {
        "name": "ONTAP",
        "vendor": {
          "name": "NetApp",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": "",
  "content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
  "cves": [
    {
      "name": "CVE-2025-23048",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-23048"
    },
    {
      "name": "CVE-2025-49812",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-49812"
    },
    {
      "name": "CVE-2024-43204",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-43204"
    },
    {
      "name": "CVE-2025-53020",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-53020"
    },
    {
      "name": "CVE-2024-47252",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-47252"
    },
    {
      "name": "CVE-2024-55549",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-55549"
    },
    {
      "name": "CVE-2025-24855",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-24855"
    },
    {
      "name": "CVE-2025-49630",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-49630"
    },
    {
      "name": "CVE-2024-42516",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-42516"
    },
    {
      "name": "CVE-2024-43394",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-43394"
    }
  ],
  "initial_release_date": "2025-12-05T00:00:00",
  "last_revision_date": "2025-12-05T00:00:00",
  "links": [],
  "reference": "CERTFR-2025-AVI-1065",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2025-12-05T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "D\u00e9ni de service \u00e0 distance"
    },
    {
      "description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans NetApp ONTAP. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer un d\u00e9ni de service \u00e0 distance, une atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es et une atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es.",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans NetApp ONTAP",
  "vendor_advisories": [
    {
      "published_at": "2025-12-05",
      "title": "Bulletin de s\u00e9curit\u00e9 NetApp NTAP-20250613-0007",
      "url": "https://security.netapp.com/advisory/NTAP-20250613-0007"
    },
    {
      "published_at": "2025-12-05",
      "title": "Bulletin de s\u00e9curit\u00e9 NetApp NTAP-20250613-0006",
      "url": "https://security.netapp.com/advisory/NTAP-20250613-0006"
    },
    {
      "published_at": "2025-12-05",
      "title": "Bulletin de s\u00e9curit\u00e9 NetApp NTAP-20250718-0013",
      "url": "https://security.netapp.com/advisory/NTAP-20250718-0013"
    }
  ]
}

Tags

Taxonomy of the tags.

All sightings related to this event Export sightings related to this event

Experimental. This forecast is provided for visualization only and may change without notice. Do not use it for operational decisions.

Forecast uses a logistic model when the trend is rising, or an exponential decay model when the trend is falling. Fitted via linearized least squares.

Sightings

Author	Source	Type	Date	Other

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2024-47252 (GCVE-0-2024-47252)

Vulnerability from osv_almalinux

Vulnerability from osv_almalinux

Vulnerability from osv_almalinux

Vulnerability from bitnami_vulndb

Solutions

Solutions

Solutions

Solutions

Solutions

Tags

Sightings

Nomenclature